<?php

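// Admin "add post" page: shows the submission form on a plain request and, when the
// form comes back with `add_post` set, validates the fields and stores the post
// with is_validated = 0 so it waits for review.
//
// Relies on names defined outside this file: $userCan, $siteurl, $uName, $uEmail,
// secure() and an already-open mysql_* connection.
//
// NOTE(review): no anti-CSRF token is rendered in the form or checked on submit in
// this file — confirm one is enforced elsewhere for this admin action.
if ($userCan['addpost']) {

    if (!isset($_POST['add_post'])) {
        echo "
        <table border='0' cellpadding='0' cellspacing='0' width='500'>
        <form action='$siteurl/admin.php?action=postpage' method='post'>
            <tr>
                <td>Title:</td>
                <td><input type='text' name='title'></td>
            </tr>
            <tr>
                <td>Category:</td>
                <td>
                    <select name='category'>
                        ";
        // Fill the <select> with every row of page_categories so the author can
        // pick the category the post belongs to.
        $query = mysql_query("SELECT * FROM page_categories ORDER BY id ASC");
        if (!$query) {
            // Keep the driver error in the server log; echoing it would show
            // query and schema details to the browser.
            error_log('page_categories lookup failed: ' . mysql_error());
            die('Database error.');
        }
        while ($row = mysql_fetch_array($query)) {
            // NOTE(review): id and category are printed without HTML encoding;
            // confirm category names are encoded when stored, or encode them here.
            echo "<option value='$row[id]'>$row[category]";
        }
        echo "
                    </select>
                </td>
            </tr>
                <tr>
                <td>Tutorial:</td>
                <td><textarea name='content' cols='40' rows='10'></textarea></td>
            </tr>
            </tr>
                <tr>
                <td>Short Description:</td>
                <td><textarea name='short_description' cols='40' rows='2'></textarea></td>
            </tr>
            <tr>
                <td>Show Email?</td>
                <td><input type='checkbox' name='show_email' value='1' checked></td>
            </tr>
            <tr>
                <td colspan='2'><center><input type='submit' name='add_post' value='Submit New post'></center></td>
            </tr>
        </form>
        </table>
        ";
    } else {
        // Form was submitted: collect the fields, validate, then insert.
        $name = $uName;
        $title = secure($_POST['title']);
        $category = secure($_POST['category']);
        // Kept raw on purpose (BBCode is meant to be handled for this field); it is
        // escaped for SQL just before the INSERT below.
        // NOTE(review): whatever renders posts must HTML-encode or BBCode-parse this
        // value on output — confirm.
        $content = $_POST['content'];
        $short_description = secure($_POST['short_description']);
        $email = $uEmail;
        // An unchecked checkbox is not sent at all, so guard the index.
        $show_email = isset($_POST['show_email']) ? secure($_POST['show_email']) : '';
        $date = date("m/d/Y");
        $time = time();

        // Collect one message per missing required field.
        $error_msg = array();

        if (empty($title)) {
            $error_msg[] = "Please insert a title!<br />";
        }
        if (empty($category)) {
            $error_msg[] = "Please insert a category!<br />";
        }
        if (empty($content)) {
            $error_msg[] = "Please insert content.<br />";
        }
        if (empty($short_description)) {
            $error_msg[] = "Please insert a short description!<br />";
        }

        if (count($error_msg) > 0) {
            // Print the errors; the original literal ended in a stray "n" where a
            // newline escape was intended.
            echo "<strong>ERROR:</strong><br>\n";
            foreach ($error_msg as $err) {
                echo "$err";
            }
        } else {
            // $content never went through secure(), so it reached the query string
            // unescaped; escape it for the string-literal context here.
            // NOTE(review): if magic_quotes_gpc is on for this host the value already
            // carries slashes — confirm and strip them first if so.
            $content_sql = mysql_real_escape_string($content);

            // NOTE(review): $title and $category rely on secure(), and $uName on
            // whatever set it, for SQL escaping — neither is visible here; confirm.
            // NOTE(review): $short_description is required above but is not part of
            // this INSERT — confirm that is intended.
            $sql = "INSERT INTO `posts` (author, content, title, cat_id, date_submitted, time_submitted, is_validated) VALUES ('$uName', '$content_sql', '$title', '$category', '$date', '$time', '0')";
            if (!mysql_query($sql)) {
                // Log the driver error server-side instead of printing it.
                error_log('post insert failed: ' . mysql_error());
                die('Database error.');
            }
            echo "post added for review!";
        }
    }

} else {

    echo 'You don\'t have permission';

}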
?>